|Platform: win2012r2||Date: (C)2015-10-08 (M)2017-10-31|
Enable computer and user accounts to be trusted for delegation
This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory. Abuse of this privilege could allow unauthorized users to impersonate other users on the network.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment!Enable computer and user accounts to be trusted for delegation
(2) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeEnableDelegationPrivilege' and precedence=1
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:23027|